diff --git a/docs/content/en/docs/packages/cert-manager/v1.16.1.md b/docs/content/en/docs/packages/cert-manager/v1.16.1.md new file mode 100644 index 000000000000..8c06cc44e03b --- /dev/null +++ b/docs/content/en/docs/packages/cert-manager/v1.16.1.md @@ -0,0 +1,36 @@ +--- +title: "v1.16.1" +linkTitle: "v1.16.1" +weight: 50 +aliases: + /docs/reference/packagespec/cert-manager/v1.16.1/ +description: > +--- + +### Configuring Cert-Manager in EKS Anywhere package spec + +#### Example +``` +apiVersion: packages.eks.amazonaws.com/v1alpha1 +kind: Package +metadata: + name: my-cert-manager + namespace: eksa-packages- +spec: + packageName: cert-manager + config: | + global: + logLevel: 4 +``` + +The following table lists the configurable parameters of the cert-manager package spec and the default values. + +| Parameter | Description | Default | +|--------------------------|------------------------------------------------------------------------------------------------------|----------------| +| **General** | | | +| `namespace` | The namespace to use for installing cert-manager package | `cert-manager` | +| `imagePullPolicy` | The image pull policy | `IfNotPresent` | +| **global** | | | +| `global.logLevel` | The log level: integer from 0-6 | `2` | +| **Webhook** | | | +| `webhook.timeoutSeconds` | The time in seconds to wait for the webhook to connect with the kube-api server | `0` | diff --git a/docs/content/en/docs/packages/changelog.md b/docs/content/en/docs/packages/changelog.md index 9710a9e9f515..5600dd8fa225 100644 --- a/docs/content/en/docs/packages/changelog.md +++ b/docs/content/en/docs/packages/changelog.md 
@@ -6,6 +6,18 @@ description: > Changelog for Curated packages release --- +## Package Bundle Release (12-26-2024) + +#### Changed + +- cert-manager `1.15.3` to `1.16.1` + - **Updated helm patch to include properties for eksa-packages in values.schema.json** [#4171](https://github.com/aws/eks-anywhere-build-tooling/pull/4171) +- cluster-autoscaler `9.43.0` to `9.43.2` +- credential-provider-package `0.4.4` to `0.4.5` + - **Added support to update both legacy and default path for kubelet-extra-args for ubuntu** [#1177](https://github.com/aws/eks-anywhere-packages/pull/1177) +- metallb `0.14.8` to `0.14.9` +- prometheus `2.54.1` to `2.55.1` + ## Package Bundle Release (10-18-2024) #### Changed diff --git a/docs/content/en/docs/packages/cluster-autoscaler/v9.43.2.md b/docs/content/en/docs/packages/cluster-autoscaler/v9.43.2.md new file mode 100644 index 000000000000..c61b3781de1c --- /dev/null +++ b/docs/content/en/docs/packages/cluster-autoscaler/v9.43.2.md @@ -0,0 +1,19 @@ +--- +title: "v9.43.2" +linkTitle: "v9.43.2" +weight: 30 +aliases: + /docs/reference/packagespec/cluster-autoscaler/v9.43.2/ +description: > +--- + +### Configuring Cluster Autoscaler in EKS Anywhere package spec + +| Parameter | Description | Default | +|---|---|---| +|**General**||| +| cloudProvider | Cluster Autoscaler cloud provider. This should always be clusterapi.
Example:
cloudProvider: "clusterapi"
| "clusterapi" +| autoDiscovery.clusterName | Name of the kubernetes cluster this autoscaler package should autoscale.
Example:
autoDiscovery.clusterName: "mgmt-cluster"
| false +| clusterAPIMode | Where Cluster Autoscaler should look for a kubeconfig to communicate with the cluster it will manage. See https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md#connecting-cluster-autoscaler-to-cluster-api-management-and-workload-clusters
Example:
clusterAPIMode: "incluster-kubeconfig"
| "incluster-incluster" +| clusterAPICloudConfigPath | Path to kubeconfig for connecting to Cluster API Management Cluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or incluster-kubeconfig`
Example:
clusterAPICloudConfigPath: "/etc/kubernetes/value"
| "/etc/kubernetes/mgmt-kubeconfig" +| extraVolumeSecrets | Additional volumes to mount from Secrets.
Example:
extraVolumeSecrets: {}
| {} diff --git a/docs/content/en/docs/packages/credential-provider-package/v0.4.5.md b/docs/content/en/docs/packages/credential-provider-package/v0.4.5.md new file mode 100644 index 000000000000..27c460418f1e --- /dev/null +++ b/docs/content/en/docs/packages/credential-provider-package/v0.4.5.md 
@@ -0,0 +1,96 @@ +--- +title: "v0.4.5" +linkTitle: "v0.4.5" +weight: 30 +aliases: + /docs/reference/packagespec/credential-provider-package/v0.4.5/ +description: > +--- + +### Configuring Credential Provider Package in EKS Anywhere package spec + +#### Example + +The following is the sample configuration for the credential provider package that is installed by default with the package controller. +Please refer to [Credential Provider Package with IAM Roles Anywhere.]({{< relref "iam_roles_anywhere" >}}) + +``` +apiVersion: packages.eks.amazonaws.com/v1alpha1 +kind: Package +metadata: + name: ecr-credential-provider-package + namespace: eksa-packages- + annotations: + "helm.sh/resource-policy": keep + "anywhere.eks.aws.com/internal": "true" +spec: + packageName: credential-provider-package + targetNamespace: eksa-packages + config: |- + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + sourceRegistry: public.ecr.aws/eks-anywhere + credential: + - matchImages: + - 783794618700.dkr.ecr.us-west-2.amazonaws.com + profile: "default" + secretName: aws-secret + defaultCacheDuration: "5h" +``` + +In this example, the credential provider will use the secret provided in aws-secret (created automatically on cluster creation) to authenticate to the repository from which curated package images are pulled. Tolerations were also added so that the control plane nodes would also be configured with authentication. + +The secret can exist in two forms: either a base64 encoding of a credential config or individual keys for fields. 
+ +Example credential +``` +[default] +aws_access_key_id=EXAMPLE_ACCESS_KEY +aws_secret_access_key=EXAMPLE_SECRET_KEY +region=us-west-2 +``` + +##### Example secret with separate keys +``` +apiVersion: v1 +kind: Secret +metadata: + name: aws-secret + namespace: eksa-packages +data: + AWS_ACCESS_KEY_ID: "QUtJQUlPU0ZPRE5ON0VYQU1QTEUK" + AWS_SECRET_ACCESS_KEY: "d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo=" + REGION: dXMtd2VzdC0yCg== +``` + +##### Example secret in config form +``` +apiVersion: v1 +kind: Secret +metadata: + name: aws-secret + namespace: eksa-packages +data: + config: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPUFLSUFJT1NGT0ROTjdFWEFNUExFCmF3c19zZWNyZXRfYWNjZXNzX2tleT13SmFsclhVdG5GRU1JL0s3TURFTkcvYlB4UmZpQ1lFWEFNUExFS0VZCnJlZ2lvbj11cy13ZXN0LTI= +type: Opaque +``` + +#### Configurable parameters and default values under `spec.config` + +| Parameter | Description | Default | +|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------| +| **General** | | | +| image.pullPolicy | Specifies image pull policy: `IfNotPresent`, `Always`, `Never`. | `"IfNotPresent"` | +| tolerations | [Kubernetes tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for pod scheduling | `{}` | +| **Credential** | | | +| credential | List of credential providers for authenticating with ECR. Currently only one is supported |
credential: 
- secretName: "aws-secret"
matchImages: []
defaultCacheDuration: "1h"
profile: "default
| +| secretName | Name of secret that contains the aws credentials | `"aws-secret"` | +| profile | AWS Profile for secretName | `"default"` | +| matchImages | List of strings used to match against images. See [here](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/#configure-image-matching) for more info
Example to match against any account across multiple regions for ECR:
`"*.dkr.ecr.*.amazonaws.com"` | `"[]"` | +| defaultCacheDuration | Duration the kubelet will cache credentials in-memory. For ECR it is recommended to keep this value less then 12 hours. | `"5h"` | + diff --git a/docs/content/en/docs/packages/metallb/v0.14.9.md b/docs/content/en/docs/packages/metallb/v0.14.9.md new file mode 100644 index 000000000000..10538b265d77 --- /dev/null +++ b/docs/content/en/docs/packages/metallb/v0.14.9.md 
@@ -0,0 +1,85 @@ +--- +title: "v0.14.9" +linkTitle: "v0.14.9" +weight: 30 +aliases: + /docs/reference/packagespec/metallb/v0.14.9/ +description: > +--- + +{{% pageinfo %}} +[FRRouting](https://frrouting.org/) is currently not supported for MetalLB. +{{% /pageinfo %}} + +### Configuring MetalLB in EKS Anywhere package spec + +#### Example +``` +apiVersion: packages.eks.amazonaws.com/v1alpha1 +kind: Package +metadata: + name: mylb + namespace: eksa-packages- +spec: + packageName: metallb + targetNamespace: metallb-system + config: | + IPAddressPools: + - name: default + addresses: + - 10.220.0.93/32 + - 10.220.0.94/32 + - 10.220.0.95/32 + - name: bgp + addresses: + - 10.220.0.97-10.220.0.99 + L2Advertisements: + - ipAddressPools: + - default + BGPAdvertisements: + - ipAddressPools: + - bgp + autoAssign: false + BGPPeers: + - myASN: 123 + peerASN: 55001 + peerAddress: 1.2.3.4 + keepaliveTime: 30s +``` + +| Parameter | Description | Default | Required | +|---|---|---|---| +| IPAddressPools[] | A list of ip address pools. See **IPAddressPool**. | None | False | +| L2Advertisements[] | A list of Layer 2 advertisements. See **L2Advertisement**. | None | False | +| BGPAdvertisements[] | A list of BGP advertisements. See **BGPAdvertisement**. | None | False | +| BGPPeers[] | A list of BGP peers. See **BGPPeer**. | None | False | +|---|---|---|---| +|**IPAddressPool** | A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool and they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs.||| +| name | Name for the address pool. | None | True | +| addresses[] | A list of **string** representing CIRD or IP ranges. | None | True | +| autoAssign | AutoAssign flag used to prevent MetalLB from automatic allocation for a pool. 
| true | False | +|---|---|---|---| +|**L2Advertisement**|L2Advertisement allows MetalLB to advertise the LoadBalancer IPs provided by the selected pools via L2.||| +| ipAddressPools[] | The list of **IPAddressPool** names to advertise. | None | True | +| name | Name for the L2Advertisement. | None | False | +|---|---|---|---| +|**BGPAdvertisement**|BGPAdvertisement allows MetalLB to advertise the IPs coming from the selected ipAddressPools via BGP, setting the parameters of the BGP Advertisement.||| +| aggregationLength | The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. | 32 | False | +| aggregationLengthV6 | The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. | 128 | False | +| communities[] | The BGP communities to be associated with the announcement. Each item can be a community of the form 1234:1234 or the name of an alias defined in the Community CRD. | None | False | +| ipAddressPools[] | The list of **IPAddressPool** names to be advertised via BGP. | None | True | +| localPref | The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. | None | False | +| peers[] | List of peer names. Limits the bgppeer to advertise the ips of the selected pools to. When empty, the loadbalancer IP is announced to all the BGPPeers configured. | None | False | +|---|---|---|---| +|**BGPPeer**|Peers for the BGP protocol.||| +| holdTime | Requested BGP hold time, per RFC4271. | None | False | +| keepaliveTime | Requested BGP keepalive time, per RFC4271. | None | False | +| myASN | AS number to use for the local end of the session. | None | True | +| password | Authentication password for routers enforcing TCP MD5 authenticated sessions. | None | False | +| peerASN | AS number to expect from the remote end of the session. 
| None | True | +| peerAddress | Address to dial when establishing the session. | None | True | +| peerPort | Port to dial when establishing the session. | 179 | False | +| routerID | BGP router ID to advertise to the peer. | None | False | +| sourceAddress | Source address to use when establishing the session. | None | False | +| password | Authentication password for routers enforcing TCP MD5 authenticated sessions. | None | False | +| passwordSecret | passwordSecret is a reference to the authentication secret for BGP Peer. The secret must be of type 'kubernetes.io/basic-auth' and the password stored under the "password" key. Example:
passwordSecret:
name: mySecret
namespace: metallb-system
| None | False| diff --git a/docs/content/en/docs/packages/packagelist.md b/docs/content/en/docs/packages/packagelist.md index 300f23a4a87c..49b383d41bce 100644 --- a/docs/content/en/docs/packages/packagelist.md +++ b/docs/content/en/docs/packages/packagelist.md 
@@ -11,11 +11,11 @@ description: > | Name | Description | Versions | GitHub | |----------------------------|----------------------------|---------------------------|-----------------------------| | [ADOT]({{< relref "./adot" >}}) | ADOT Collector is an AWS distribution of the OpenTelemetry Collector, which provides a vendor-agnostic solution to receive, process and export telemetry data. | [v0.41.1]({{< relref "./adot/v0.41.1.md" >}}) | https://github.com/aws-observability/aws-otel-collector | -| [Cert-manager]({{< relref "./cert-manager" >}}) | Cert-manager is a certificate manager for Kubernetes clusters. | [v1.15.3]({{< relref "./cert-manager/v1.15.3.md" >}}) | https://github.com/cert-manager/cert-manager | -| [Cluster Autoscaler]({{< relref "./cluster-autoscaler" >}}) | Cluster Autoscaler is a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. | [v9.43.0]({{< relref "./cluster-autoscaler/v9.43.0.md" >}}) | https://github.com/kubernetes/autoscaler | +| [Cert-manager]({{< relref "./cert-manager" >}}) | Cert-manager is a certificate manager for Kubernetes clusters. | [v1.16.1]({{< relref "./cert-manager/v1.16.1.md" >}}) | https://github.com/cert-manager/cert-manager | +| [Cluster Autoscaler]({{< relref "./cluster-autoscaler" >}}) | Cluster Autoscaler is a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. | [v9.43.2]({{< relref "./cluster-autoscaler/v9.43.2.md" >}}) | https://github.com/kubernetes/autoscaler | | [Emissary Ingress]({{< relref "./emissary" >}}) | Emissary Ingress is an open source `Ingress` supporting API Gateway + Layer 7 load balancer built on Envoy Proxy. 
| [v3.9.1]({{< relref "./emissary/v3.9.1.md" >}}) | https://github.com/emissary-ingress/emissary/ | | [Harbor]({{< relref "./harbor" >}}) | Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. | [v2.11.1]({{< relref "./harbor/v2.11.1.md" >}})| https://github.com/goharbor/harbor
https://github.com/goharbor/harbor-helm | -| [MetalLB]({{< relref "./metallb" >}}) | MetalLB is a virtual IP provider for services of type `LoadBalancer` supporting ARP and BGP. | [v0.14.8]({{< relref "./metallb/v0.14.8.md" >}}) | https://github.com/metallb/metallb/ | +| [MetalLB]({{< relref "./metallb" >}}) | MetalLB is a virtual IP provider for services of type `LoadBalancer` supporting ARP and BGP. | [v0.14.9]({{< relref "./metallb/v0.14.9.md" >}}) | https://github.com/metallb/metallb/ | | [Metrics Server]({{< relref "./metrics-server" >}}) | Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. | [v3.12.2]({{< relref "./metrics-server/v3.12.2.md" >}}) | https://github.com/kubernetes-sigs/metrics-server | -| [Prometheus]({{< relref "./prometheus" >}}) | Prometheus is an open-source systems monitoring and alerting toolkit that collects and stores metrics as time series data. | [v2.54.1]({{< relref "./prometheus/v2.54.1.md" >}}) | https://github.com/prometheus/prometheus | +| [Prometheus]({{< relref "./prometheus" >}}) | Prometheus is an open-source systems monitoring and alerting toolkit that collects and stores metrics as time series data. | [v2.55.1]({{< relref "./prometheus/v2.55.1.md" >}}) | https://github.com/prometheus/prometheus | diff --git a/docs/content/en/docs/packages/prometheus/v2.55.1.md b/docs/content/en/docs/packages/prometheus/v2.55.1.md new file mode 100644 index 000000000000..5a0528513ced --- /dev/null +++ b/docs/content/en/docs/packages/prometheus/v2.55.1.md 
@@ -0,0 +1,581 @@ +--- +title: "v2.55.1" +linkTitle: "v2.55.1" +weight: 30 +aliases: + /docs/reference/packagespec/prometheus/v2.55.1/ +description: > +--- + +### Configuring Prometheus in EKS Anywhere package spec + +#### Example +``` +apiVersion: packages.eks.amazonaws.com/v1alpha1 +kind: Package +metadata: + name: generated-prometheus + namespace: eksa-packages- +spec: + packageName: prometheus + targetNamespace: observability + config: | + server: + replicaCount: 2 + statefulSet: + enabled: true +``` + +#### Configurable parameters and default values under `spec.config` + +| Parameter | Description | Default | +|-----|---------|-------------| +|**General**| +| rbac.create | Specifies if clusterRole / role and clusterRoleBinding / roleBinding will be created for prometheus-server and node-exporter | `true` | +| sourceRegistry | Specifies image source registry for prometheus-server and node-exporter | `"783794618700.dkr.ecr.us-west-2.amazonaws.com"` | +|**Node-Exporter**| +| nodeExporter.enabled | Indicates if node-exporter is enabled | `true` | +| nodeExporter.hostNetwork | Indicates if node-exporter shares the host network namespace | `true` | +| nodeExporter.hostPID | Indicates if node-exporter shares the host process ID namespace| `true` | +| nodeExporter.image.pullPolicy | Specifies node-exporter image pull policy: `IfNotPresent`, `Always`, `Never` | `"IfNotPresent"` | +| nodeExporter.image.repository | Specifies node-exporter image repository | `"prometheus/node-exporter"` | +| nodeExporter.resources | Specifies resource requests and limits of the node-exporter container. 
Refer to the Kubernetes API documentation [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#resourcerequirements-v1-core) field for more details | `{}` | +| nodeExporter.service | Specifies how to expose node-exporter as a network service | See footnote [^1] | +| nodeExporter.tolerations | Specifies node tolerations for node-exporter scheduling to nodes with taints. Refer to the Kubernetes API documentation [toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#toleration-v1-core) field for more details. | See footnote [^2] | +| serviceAccounts.nodeExporter.annotations | Specifies node-exporter service account annotations | `{}` | +| serviceAccounts.nodeExporter.create | Indicates if node-exporter service account will be created | `true` | +| serviceAccounts.nodeExporter.name | Specifies node-exporter service account name | `""` | +|**Prometheus-Server**| +| server.enabled | Indicates if prometheus-server is enabled | `true` | +| server.global.evaluation_interval | Specifies how frequently the prometheus-server rules are evaluated | `"1m"` | +| server.global.scrape_interval | Specifies how frequently prometheus-server will scrape targets | `"1m"` | +| server.global.scrape_timeout | Specifies how long until a prometheus-server scrape request times out | `"10s"` | +| server.image.pullPolicy | Specifies prometheus-server image pull policy: `IfNotPresent`, `Always`, `Never` |`"IfNotPresent"` | +| server.image.repository | Specifies prometheus-server image repository | `"prometheus/prometheus"` | +| server.name | Specifies prometheus-server container name | `"server"` | +| server.persistentVolume.accessModes | Specifies prometheus-server data Persistent Volume access modes | `"ReadWriteOnce"` | +| server.persistentVolume.enabled | Indicates if prometheus-server will create/use a Persistent Volume Claim | `true` | +| server.persistentVolume.existingClaim | Specifies prometheus-server data Persistent 
Volume existing claim name. It requires `server.persistentVolume.enabled: true`. If defined, PVC must be created manually before volume will be bound | `""` | +| server.persistentVolume.size | Specifies prometheus-server data Persistent Volume size | `"8Gi"` | +| server.remoteRead | Specifies prometheus-server remote read configs. Refer to Prometheus docs [remote_read](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read) for more details | `[]` | +| server.remoteWrite | Specifies prometheus-server remote write configs. Refer to Prometheus docs [remote_write](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write) for more details | `[]` | +| server.replicaCount | Specifies the replicaCount for prometheus-server deployment / statefulSet. **Note:** `server.statefulSet.enabled` should be set to `true` if `server.replicaCount` is greater than `1` | `1` | +| server.resources | Specifies resource requests and limits of the prometheus-server container. Refer to the Kubernetes API documentation [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#resourcerequirements-v1-core) field for more details | `{}` | +| server.retention | Specifies prometheus-server data retention period | `"15d"` | +| server.service | Specifies how to expose prometheus-server as a network service | See footnote [^3] | +| server.statefulSet.enabled | Indicates if prometheus-server is deployed as a statefulSet. If set to `false`, prometheus-server will be deployed as a deployment | `false` | +| serverFiles."prometheus.yml".scrape_configs | Specifies a set of targets and parameters for prometheus-server describing how to scrape them. 
Refer to Prometheus docs [scrape_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) for more details | See footnote [^4] | +| serviceAccounts.server.annotations | Specifies prometheus-server service account annotations | `{}` | +| serviceAccounts.server.create | Indicates if prometheus-server service account will be created | `true` | +| serviceAccounts.server.name | Specifies prometheus-server service account name | `""` | + +[^1]: + Node-exporter service is exposed as a `clusterIP` with `port: 9100` (controlled by `nodeExporter.service.servicePort` below) and `targetPort: 9100` (controlled by `nodeExporter.service.hostPort` below) by default. Note the annotation `prometheus.io/scrape: "true"` is mandatory in order for node-exporter to be discovered by prometheus-server as a scrape target. See below specification for details. + ```yaml + apiVersion: packages.eks.amazonaws.com/v1alpha1 + kind: Package + ... + spec: + config: | + nodeExporter: + service: + annotations: + prometheus.io/scrape: "true" + hostPort: 9100 + servicePort: 9100 + type: ClusterIP + ``` + +[^2]: + Node-exporter pods have the following toleration by default, which allows daemonSet to be scheduled on control plane node. + ```yaml + apiVersion: packages.eks.amazonaws.com/v1alpha1 + kind: Package + ... + spec: + config: | + nodeExporter: + tolerations: + # For K8 version prior to 1.24 + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + # For K8 version 1.24+ + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + ``` + +[^3]: + Prometheus-server service is exposed as a `clusterIP` with `port: 9090` (controlled by `server.service.servicePort` below) and `targetPort: 9090` (not overridable) by default. See below specification for details. + ```yaml + apiVersion: packages.eks.amazonaws.com/v1alpha1 + kind: Package + ... 
+ spec: + config: | + server: + service: + enabled: true + servicePort: 9090 + type: ClusterIP + ``` + +[^4]: + Prometheus-server by default has the following scrape configs. + ```yaml + apiVersion: packages.eks.amazonaws.com/v1alpha1 + kind: Package + ... + spec: + config: | + serverFiles: + prometheus.yml: + scrape_configs: + - job_name: prometheus + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + follow_redirects: true + enable_http2: true + static_configs: + - targets: + - localhost:9090 + - job_name: kubernetes-apiservers + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: https + authorization: + type: Bearer + credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: false + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + separator: ; + regex: default;kubernetes;https + replacement: $1 + action: keep + kubernetes_sd_configs: + - role: endpoints + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + - job_name: kubernetes-nodes + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: https + authorization: + type: Bearer + credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: false + follow_redirects: true + enable_http2: true + relabel_configs: + - separator: ; + regex: __meta_kubernetes_node_label_(.+) + replacement: $1 + action: labelmap + - separator: ; + regex: (.*) + target_label: __address__ + replacement: kubernetes.default.svc:443 + action: replace + - source_labels: [__meta_kubernetes_node_name] + separator: ; + 
regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics + action: replace + kubernetes_sd_configs: + - role: node + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + - job_name: kubernetes-nodes-cadvisor + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: https + authorization: + type: Bearer + credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: false + follow_redirects: true + enable_http2: true + relabel_configs: + - separator: ; + regex: __meta_kubernetes_node_label_(.+) + replacement: $1 + action: labelmap + - separator: ; + regex: (.*) + target_label: __address__ + replacement: kubernetes.default.svc:443 + action: replace + - source_labels: [__meta_kubernetes_node_name] + separator: ; + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + action: replace + kubernetes_sd_configs: + - role: node + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + - job_name: kubernetes-service-endpoints + honor_labels: true + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + separator: ; + regex: "true" + replacement: $1 + action: keep + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + separator: ; + regex: "true" + replacement: $1 + action: drop + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + separator: ; + regex: (https?) 
+ target_label: __scheme__ + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + separator: ; + regex: (.+) + target_label: __metrics_path__ + replacement: $1 + action: replace + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + separator: ; + regex: (.+?)(?::\d+)?;(\d+) + target_label: __address__ + replacement: $1:$2 + action: replace + - separator: ; + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + action: labelmap + - separator: ; + regex: __meta_kubernetes_service_label_(.+) + replacement: $1 + action: labelmap + - source_labels: [__meta_kubernetes_namespace] + separator: ; + regex: (.*) + target_label: namespace + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_service_name] + separator: ; + regex: (.*) + target_label: service + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_pod_node_name] + separator: ; + regex: (.*) + target_label: node + replacement: $1 + action: replace + kubernetes_sd_configs: + - role: endpoints + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + - job_name: kubernetes-service-endpoints-slow + honor_labels: true + honor_timestamps: true + scrape_interval: 5m + scrape_timeout: 30s + metrics_path: /metrics + scheme: http + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + separator: ; + regex: "true" + replacement: $1 + action: keep + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + separator: ; + regex: (https?) 
+ target_label: __scheme__ + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + separator: ; + regex: (.+) + target_label: __metrics_path__ + replacement: $1 + action: replace + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + separator: ; + regex: (.+?)(?::\d+)?;(\d+) + target_label: __address__ + replacement: $1:$2 + action: replace + - separator: ; + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + action: labelmap + - separator: ; + regex: __meta_kubernetes_service_label_(.+) + replacement: $1 + action: labelmap + - source_labels: [__meta_kubernetes_namespace] + separator: ; + regex: (.*) + target_label: namespace + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_service_name] + separator: ; + regex: (.*) + target_label: service + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_pod_node_name] + separator: ; + regex: (.*) + target_label: node + replacement: $1 + action: replace + kubernetes_sd_configs: + - role: endpoints + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + - job_name: prometheus-pushgateway + honor_labels: true + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + separator: ; + regex: pushgateway + replacement: $1 + action: keep + kubernetes_sd_configs: + - role: service + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + - job_name: kubernetes-services + honor_labels: true + honor_timestamps: true + params: + module: + - http_2xx + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /probe + scheme: http + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: 
[__meta_kubernetes_service_annotation_prometheus_io_probe] + separator: ; + regex: "true" + replacement: $1 + action: keep + - source_labels: [__address__] + separator: ; + regex: (.*) + target_label: __param_target + replacement: $1 + action: replace + - separator: ; + regex: (.*) + target_label: __address__ + replacement: blackbox + action: replace + - source_labels: [__param_target] + separator: ; + regex: (.*) + target_label: instance + replacement: $1 + action: replace + - separator: ; + regex: __meta_kubernetes_service_label_(.+) + replacement: $1 + action: labelmap + - source_labels: [__meta_kubernetes_namespace] + separator: ; + regex: (.*) + target_label: namespace + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_service_name] + separator: ; + regex: (.*) + target_label: service + replacement: $1 + action: replace + kubernetes_sd_configs: + - role: service + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + - job_name: kubernetes-pods + honor_labels: true + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + separator: ; + regex: "true" + replacement: $1 + action: keep + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + separator: ; + regex: "true" + replacement: $1 + action: drop + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + separator: ; + regex: (https?) 
+ target_label: __scheme__ + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + separator: ; + regex: (.+) + target_label: __metrics_path__ + replacement: $1 + action: replace + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + separator: ; + regex: (.+?)(?::\d+)?;(\d+) + target_label: __address__ + replacement: $1:$2 + action: replace + - separator: ; + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + action: labelmap + - separator: ; + regex: __meta_kubernetes_pod_label_(.+) + replacement: $1 + action: labelmap + - source_labels: [__meta_kubernetes_namespace] + separator: ; + regex: (.*) + target_label: namespace + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_pod_name] + separator: ; + regex: (.*) + target_label: pod + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_pod_phase] + separator: ; + regex: Pending|Succeeded|Failed|Completed + replacement: $1 + action: drop + kubernetes_sd_configs: + - role: pod + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + - job_name: kubernetes-pods-slow + honor_labels: true + honor_timestamps: true + scrape_interval: 5m + scrape_timeout: 30s + metrics_path: /metrics + scheme: http + follow_redirects: true + enable_http2: true + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + separator: ; + regex: "true" + replacement: $1 + action: keep + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + separator: ; + regex: (https?) 
+ target_label: __scheme__ + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + separator: ; + regex: (.+) + target_label: __metrics_path__ + replacement: $1 + action: replace + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + separator: ; + regex: (.+?)(?::\d+)?;(\d+) + target_label: __address__ + replacement: $1:$2 + action: replace + - separator: ; + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + action: labelmap + - separator: ; + regex: __meta_kubernetes_pod_label_(.+) + replacement: $1 + action: labelmap + - source_labels: [__meta_kubernetes_namespace] + separator: ; + regex: (.*) + target_label: namespace + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_pod_name] + separator: ; + regex: (.*) + target_label: pod + replacement: $1 + action: replace + - source_labels: [__meta_kubernetes_pod_phase] + separator: ; + regex: Pending|Succeeded|Failed|Completed + replacement: $1 + action: drop + kubernetes_sd_configs: + - role: pod + kubeconfig_file: "" + follow_redirects: true + enable_http2: true + ```
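Review bot: the `kubernetes-pods`, `kubernetes-pods-slow` and `kubernetes-services` jobs in this default scrape config set `honor_labels: true`, yet they select targets only by the `prometheus.io/scrape`, `prometheus.io/scrape_slow` and `prometheus.io/probe` annotations, and the page does not document what that implies. With `honor_labels: true`, a label exposed by the scraped target wins over the `namespace`, `pod` and `service` labels that the relabel rules attach. Any workload allowed to set those annotations can therefore publish series that appear to come from another namespace or pod. The same annotations also drive `__scheme__`, `__metrics_path__`, the port in `__address__` and every `__param_*` value. Suggest keeping `honor_labels: true` only on `prometheus-pushgateway`, where it is needed, and either setting it to `false` on the annotation-discovered jobs or adding a short paragraph next to this block that states the trust assumption, so operators know to restrict who may annotate pods and services. Separately, `kubernetes-services` rewrites `__address__` to the bare name `blackbox`; the doc should say that a blackbox exporter must be reachable under that name, otherwise every probe in that job fails.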